Crash in void SkLinearGradient::LinearGradientContext::shade4_dx_clamp<false, false>
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5761724550742016

Fuzzer: inferno_twister
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN WRITE
Crash Address: 0x618e0003f784
Crash State:
  void SkLinearGradient::LinearGradientContext::shade4_dx_clamp<false, false>
  SkLinearGradient::LinearGradientContext::shade4_clamp
  SkLinearGradient::LinearGradientContext::shadeSpan

Recommended Security Severity: High

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=409165:409180

Minimized Testcase (0.36 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94W_QpVC_VVg0812wANk-tVd6VDjbi7noe6aufdrxXr-DrSA8ObX1CKsC6JrYz8sHBS7uAXvaUnyV__4BA9SwKuSDkq1XSmdAyO-xi3gymfW4j87-Pyi3eW0-TWb0eL40mvXf7kmpFhJq4UuZhb9Wuzosv7mQ?testcase_id=5761724550742016

Issue manually filed by: ochang

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Aug 10 2016

The following revision refers to this bug:
https://skia.googlesource.com/skia.git/+/c52310402c56e535e574a0a53e2355e5350e952d

commit c52310402c56e535e574a0a53e2355e5350e952d
Author: fmalita <fmalita@chromium.org>
Date: Wed Aug 10 12:45:50 2016

Prevent degenerate linear gradient instantiation

If the point distance exceeds SkScalar, nasty things tend to happen.

R=reed@google.com
BUG=636194
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2234663002

Review-Url: https://codereview.chromium.org/2234663002

[modify] https://crrev.com/c52310402c56e535e574a0a53e2355e5350e952d/src/effects/gradients/SkGradientShader.cpp
[modify] https://crrev.com/c52310402c56e535e574a0a53e2355e5350e952d/tests/GradientTest.cpp
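As an added example that is not Skia's code and not part of this bug report: the guard the commit message above describes (refuse to instantiate a linear gradient whose point distance does not fit a finite SkScalar), modelled in C++. The names Point, LinearGradient, make_linear_gradient and table_index are hypothetical and do not reproduce Skia's API or the exact shape of its fix; the table-index step is included to show why the check belongs at construction time rather than in the per-pixel clamp.

```cpp
#include <cfloat>
#include <cmath>
#include <optional>

// Added example, not Skia code. Models the construction-time guard the fix
// describes: refuse to build a linear gradient whose endpoint distance is
// not a finite, positive float, so the span shader never runs on inf/NaN
// geometry. Point, LinearGradient, make_linear_gradient and table_index
// are hypothetical names chosen for this example.

struct Point { float x, y; };

// State a span shader would precompute from the endpoints. If inv_len_sq
// is inf or NaN, every per-pixel parameter derived from it is garbage.
struct LinearGradient {
    Point start;
    float dx, dy;      // end - start
    float inv_len_sq;  // 1 / (dx*dx + dy*dy)
};

// True when the end-to-start distance is a finite, positive float.
// Checking the endpoints individually is not enough: end - start can
// overflow to +/-inf even when both endpoints are finite.
bool linear_gradient_points_ok(Point start, Point end) {
    const float dx = end.x - start.x;
    const float dy = end.y - start.y;
    const float len = std::hypot(dx, dy);  // inf if a delta is inf, NaN if NaN
    return std::isfinite(len) && len > 0.0f;
}

// Returns std::nullopt for degenerate geometry instead of an object whose
// derived values are not finite.
std::optional<LinearGradient> make_linear_gradient(Point start, Point end) {
    if (!linear_gradient_points_ok(start, end)) {
        return std::nullopt;
    }
    const float dx = end.x - start.x;
    const float dy = end.y - start.y;
    const float len_sq = dx * dx + dy * dy;
    // A finite length does not guarantee a finite squared length: for
    // dx ~ 3e19 the distance fits a float but dx*dx does not.
    if (!std::isfinite(len_sq) || len_sq == 0.0f) {
        return std::nullopt;
    }
    return LinearGradient{start, dx, dy, 1.0f / len_sq};
}

// Map a pixel to a colour-table index in [0, table_size). The gradient
// parameter t is clamped to [0, 1], the "clamp" tile mode named in the
// crash state. fmax/fmin are used rather than '<' comparisons because
// they treat NaN as a missing operand: a NaN t becomes 0 instead of
// surviving the clamp and being cast to int (undefined behaviour).
int table_index(const LinearGradient& g, Point p, int table_size) {
    const float t = ((p.x - g.start.x) * g.dx + (p.y - g.start.y) * g.dy) * g.inv_len_sq;
    const float tc = std::fmin(std::fmax(t, 0.0f), 1.0f);
    return static_cast<int>(tc * static_cast<float>(table_size - 1));
}
```

The point of the two-stage check in make_linear_gradient is that a distance which is itself representable can still produce a non-finite reciprocal once squared, and a '<'-based clamp lets NaN through unchanged, so the only reliable place to stop a degenerate gradient is before the shader object exists.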
Aug 10 2016

This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Aug 10 2016

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/e9b11170779dfd88f8d60b1e7cf96f6a2b378491

commit e9b11170779dfd88f8d60b1e7cf96f6a2b378491
Author: skia-deps-roller <skia-deps-roller@chromium.org>
Date: Wed Aug 10 15:57:39 2016

Roll src/third_party/skia/ d0c38315e..94b5c5a41 (8 commits).

https://chromium.googlesource.com/skia.git/+log/d0c38315e81b..94b5c5a41160

$ git log d0c38315e..94b5c5a41 --date=short --no-merges --format='%ad %ae %s'
2016-08-10 robertphillips Create blurred RRect mask on GPU (rather than uploading it)
2016-08-10 halcanary Revert of Change mapRectScaleTranslate to pass args/ret by value (patchset #2 id:20001 of https://codereview.chromium.org/2138943002/ )
2016-08-10 rmistry SVG tool that downloads SVGs from a txt file into a specified dir
2016-08-10 reed remove support for serializing bitmaps in old format
2016-08-10 reed Change mapRectScaleTranslate to pass args/ret by value
2016-08-10 robertphillips Revert of Create blurred RRect mask on GPU (rather than uploading it) (patchset #4 id:60001 of https://codereview.chromium.org/2222083004/ )
2016-08-10 fmalita Prevent degenerate linear gradient instantiation
2016-08-10 robertphillips Create blurred RRect mask on GPU (rather than uploading it)

BUG=636194
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_precise_blink_rel
TBR=halcanary@google.com

Review-Url: https://codereview.chromium.org/2232903002
Cr-Commit-Position: refs/heads/master@{#411048}

[modify] https://crrev.com/e9b11170779dfd88f8d60b1e7cf96f6a2b378491/DEPS
Aug 11 2016

ClusterFuzz has detected this issue as fixed in range 410916:411126.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5761724550742016

Fuzzer: inferno_twister
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN WRITE
Crash Address: 0x618e0003f784
Crash State:
  void SkLinearGradient::LinearGradientContext::shade4_dx_clamp<false, false>
  SkLinearGradient::LinearGradientContext::shade4_clamp
  SkLinearGradient::LinearGradientContext::shadeSpan

Recommended Security Severity: High

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=409165:409180
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=410916:411126

Minimized Testcase (0.36 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94W_QpVC_VVg0812wANk-tVd6VDjbi7noe6aufdrxXr-DrSA8ObX1CKsC6JrYz8sHBS7uAXvaUnyV__4BA9SwKuSDkq1XSmdAyO-xi3gymfW4j87-Pyi3eW0-TWb0eL40mvXf7kmpFhJq4UuZhb9Wuzosv7mQ?testcase_id=5761724550742016

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 17 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by och...@chromium.org, Aug 10 2016

Owner: fmalita@chromium.org
Status: Assigned (was: Untriaged)